Paper 2016/1007

A survey of attacks on Ethereum smart contracts

Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli

Abstract

Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering with the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

Note: Updated attacks to version 0.4.2 of the Solidity compiler.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
smart contracts, blockchain, cryptocurrencies
Contact author(s)
bart @ unica it
History
2016-12-14: revised
2016-10-26: received
Short URL
https://ia.cr/2016/1007
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1007,
      author = {Nicola Atzei and Massimo Bartoletti and Tiziana Cimoli},
      title = {A survey of attacks on Ethereum smart contracts},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1007},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1007}},
      url = {https://eprint.iacr.org/2016/1007}
}